ConnectWise is updating the digital signing certificates used in ScreenConnect, ConnectWise Automate, and ConnectWise RMM due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.
In addition to issuing new certificates, ConnectWise is releasing an update to improve how this configuration data is managed in ScreenConnect. This issue does not involve a compromise of their systems or certificates (including the event described in our May 28, 2025 Security Advisory). However, based on recent requirements from ConnectWise technology partners, they are required to rotate our certificates by Friday, June 13 at 8:00 p.m. ET. ConnectWise received this extended deadline Monday evening.
Read more…
Source: ConnectWise
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Atlassian update: “Take immediate action” to patch your Confluence Data Center and Server instances
November 2, 2023
Atlassian has released an advisory about a critical severity authentication vulnerability in the Confluence Server and Data Center. All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Atlassian Cloud sites are not impacted by this vulnerability, so if your Confluence site is accessed via an atlassian.net domain, it is not ...
- SolarWinds and its CISO accused of misleading investors before major cyberattack
November 1, 2023
The Securities and Exchange Commission (SEC) has announced charges against software company SolarWinds Corporation and its chief information security officer (CISO), Timothy G. Brown, for “fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.” In 2020, SolarWinds announced it had been hacked and that its compromised software channel was used to push ...
- Ransomware gang HelloKitty exploits critical Apache ActiveMQ bug CVE-2023-46604
November 1, 2023
Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments. In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations. Based on the ransom note and available evidence, we attribute the activity to ...
- Investigation of Session Hijacking via Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966)
October 31, 2023
On Oct. 10, 2023, Citrix released a security bulletin for a sensitive information disclosure vulnerability (CVE-2023-4966) impacting NetScaler ADC and NetScaler Gateway appliances. Mandiant has identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023 as well as n-day exploitation after Citrix’s publication. Mandiant is investigating multiple instances of successful exploitation of ...
- Update now! Apple patches a raft of vulnerabilities
October 27, 2023
Apple has released security updates for its phones, iPads, Macs, watches and TVs. Updates are available for these products: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation ...
- A cascade of compromise: unveiling Lazarus’ new campaign
October 27, 2023
Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. What’s remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendor’s systems continued to use the flawed software, allowing the threat actor to exploit them. Upon further investigation, ...